🚨 Let’s Encrypt at risk from Trump cuts to OTF: “Let’s Encrypt received around $800,000 in funding from the OTF”
Dear @EUCommission, get your heads out of your arses and let’s find @letsencrypt €1M/year (a rounding error in EU finances) and have them move to the EU.
If Let’s Encrypt is fucked, the web is fucked, and the Small Web is fucked too. So how about we don’t let that happen, yeah?
(In the meanwhile, if the Let’s Encrypt folks want to make a point about how essential they are, it might be an idea to refuse certificates to republican politicians. See how they like their donation systems breaking in real time…)
CC @nlnet @NGIZero@mastodon.xyz
#USA #fascism #OpenTechFund #LetsEncrypt #SSL #TLS #encryption #EU #web #tech #SmallWeb #SmallTech mastodon.social/@publictorsten…
publictorsten (@publictorsten@mastodon.social)
If Let’s Encrypt suddenly stops working, half the internet will consist of certificate errors. https://www.heise.de/news/Nach-Trump-Dekret-Kampf-um-US-Foerdermittel-fuer-Tor-F-Droid-und-Let-s-Encrypt-10328226.html
SpaceLifeForm
in reply to Aral Balkan
Fundamentally, the design is flawed because DNS is not decentralized.
Got Dot?
Unus Nemo
in reply to SpaceLifeForm
@SpaceLifeForm
@SpaceLifeForm wrote:
Who told you that DNS is not decentralized? There are more and more root servers all the time, and many different organizations and countries have these root servers set up.
This URI has the schema (protocol) https:// and the host www.example.com, which breaks down into the subdomain www, the domain name example, and .com; the root domain server(s) know the address of the host(s) of the domain example, and it is up to example to have the rest of its domain information.
This was designed as a decentralized way to do domain lookup to be scalable. It is not like there is one centralized location that knows every domain.
SpaceLifeForm
in reply to Unus Nemo
@unusnemo
There is a difference between logical and physical servers. Your DNS lookups are not decentralized, and usually can be seen over the wire.
Unless you run your own recursive resolver, you will be revealing a lot of information about your traffic even if it is encrypted. Even if you run your own recursive resolver, you will reveal metadata, albeit, at a possibly lower rate.
en.m.wikipedia.org/wiki/Root_n…
#Metadata #root13
adison verlice
in reply to Aral Balkan
they can't. that'd completely go against their values.
this is like asking them to refuse letsencrypt in Russia, they can't. it's an automated certificate system, they can't just prevent the issuing of certificates simply because of their party.
even big websites, like the national security agency, and even whitehouse.gov use letsencrypt as well, so it wouldn't be a good sign for anyone.
Cassandrich
in reply to adison verlice
adison verlice
in reply to Cassandrich
Cassandrich
in reply to adison verlice
adison verlice
in reply to Cassandrich
again, this will not slow them down, as again, they can turn to other paid providers who will gladly do it to them. again, take digicert. they issue certs for almost all of the government sites besides the NSA and a few others. for example, defense.gov uses digicert. so if the (nazis) wanted to, they could simply use digicert, it's not out of their budget. also, don't forget about GTS (google trust services) and also cloudflare.
so it would slow them down at best, do nothing at worst
adison verlice
in reply to Cassandrich
@dalias also keep in mind they issue certificates to everyone who requests them. it could be a small web dev like myself, it could be the rich politician in America, they will issue certs for literally anyone.
"Let's Encrypt is a global Certificate Authority (CA). We let people and organizations around the world obtain, renew, and manage SSL/TLS certificates."
letsencrypt.org/docs/faq/
adison verlice
in reply to Aral Balkan
Cassandrich
in reply to adison verlice
Alexandre Dulaunoy
in reply to Aral Balkan
The main problem is the bureaucracy associated with this. Another issue is the ownership control of the organisation (DEP Cybersecurity): the organisation needs to be controlled by EU citizens and located in the EU.
@EUCommission @letsencrypt @nlnet
Aral Balkan
in reply to Alexandre Dulaunoy
Alexandre Dulaunoy
in reply to Aral Balkan
I really would like to share your optimism too.
If I can help in some ways, let me know. I was tracking the RFA budget withdrawal and wondering how long OTF can survive without the funding.
@EUCommission @letsencrypt @nlnet
Jens Finkhäuser
in reply to Alexandre Dulaunoy
@a We don't need to move Let's Encrypt to the EU. We need to run an EU-based equivalent, and make it so that the infrastructure they run is easily replicated.
As this development clearly demonstrates, Let's Encrypt is a single point of failure. It was never a good idea. It was just a less bad idea than others.
And no, that's absolutely not suggesting they didn't do great work. This is about designing for resilience.
@EUCommission @letsencrypt @nlnet